[tbb-commits] [tor-browser/tor-browser-45.1.0esr-6.0-1] fixup! Bug #13670.1: Isolate favicon requests by first party

gk at torproject.org gk at torproject.org
Wed May 4 14:17:16 UTC 2016 

commit ac739a883c7960eda72ce71e82e8b3f704381c4d
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date:   Tue Apr 26 13:33:46 2016 -0700

    fixup! Bug #13670.1: Isolate favicon requests by first party
    
    This fixes the isolation issues on the Page Info dialog (both video and
    audio related). See bug 18703 for more details.
---
 browser/base/content/content.js           | 1 +
 browser/base/content/pageinfo/pageInfo.js | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/browser/base/content/content.js b/browser/base/content/content.js
index 55f579f..ee456df 100644
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -972,6 +972,7 @@ var PageInfoListener = {
     catch (exception) { }
 
     windowInfo.hostName = hostName;
+    windowInfo.firstParty = window.top.location.href;
     return windowInfo;
   },
 
diff --git a/browser/base/content/pageinfo/pageInfo.js b/browser/base/content/pageinfo/pageInfo.js
index 3683b06..beff551 100644
--- a/browser/base/content/pageinfo/pageInfo.js
+++ b/browser/base/content/pageinfo/pageInfo.js
@@ -152,6 +152,7 @@ pageInfoTreeView.prototype = {
 // mmm, yummy. global variables.
 var gDocInfo = null;
 var gImageElement = null;
+var gFirstParty = null;
 
 // column number to help using the data array
 const COL_IMAGE_ADDRESS = 0;
@@ -378,6 +379,8 @@ function loadPageInfo(frameOuterWindowID, imageElement)
 
     gImageElement = pageInfoData.imageInfo;
 
+    gFirstParty = windowInfo.firstParty;
+
     var titleFormat = windowInfo.isTopWindow ? "pageInfo.page.title"
                                              : "pageInfo.frame.title";
     document.title = gBundle.getFormattedString(titleFormat, [docInfo.location]);
@@ -881,7 +884,7 @@ function makePreview(row)
     var newImage = new Image;
     newImage.id = "thepreviewimage";
     // Ensure "Media" items are fetched over the first-party domain.
-    newImage.setAttribute("firstparty", gWindow.top.document.location);
+    newImage.setAttribute("firstparty", gFirstParty);
     var physWidth = 0, physHeight = 0;
     var width = 0, height = 0;
 
@@ -929,6 +932,7 @@ function makePreview(row)
     else if (item.HTMLVideoElement && isProtocolAllowed) {
       newImage = document.createElementNS("http://www.w3.org/1999/xhtml", "video");
       newImage.id = "thepreviewimage";
+      newImage.setAttribute("firstparty", gFirstParty);
       newImage.src = url;
       newImage.controls = true;
       width = physWidth = item.videoWidth;
@@ -940,6 +944,7 @@ function makePreview(row)
     else if (item.HTMLAudioElement && isProtocolAllowed) {
       newImage = new Audio;
       newImage.id = "thepreviewimage";
+      newImage.setAttribute("firstparty", gFirstParty);
       newImage.src = url;
       newImage.controls = true;
       isAudio = true;

More information about the tbb-commits mailing list